WEEK OF MARCH 07, 2022
Senate passes cybersecurity bill amid fears of Russian cyberattacks
- The Senate unanimously passed cybersecurity legislation on Tuesday that would require companies in critical sectors to alert the government of potential hacks or ransomware.
- The Strengthening American Cybersecurity Act, a package of three bills sponsored by Sen. Gary Peters (D-Mich.), comes as U.S. officials urge the private sector to gear up for possible Russian cyberattacks in retaliation for U.S. sanctions over its invasion of Ukraine.
- “Cyber warfare is truly one of the dark arts specialized by Putin and his authoritarian regime. And this bill will help protect us from Putin’s attempted cyberattacks against our country,” said Senate Majority Leader Charles Schumer (D-NY) following the passage of the legislation.
- One of the bills would require companies to report substantial cyberattacks within 72 hours and ransomware payments within 24 hours to the Cybersecurity and Infrastructure Security Agency (CISA).
Toyota shuts down its Japanese factories after reported cyberattack
- The attack was directed at a key supplier of the automaker.
- A cyberattack has forced Toyota to shut down its factories in Japan, costing the automaker about 13,000 cars of output, Reuters reports.
- There was no immediate information as to who was behind the cyberattack, with Japanese Prime Minister Fumio Kishida telling reporters that his government would investigate whether Russia was involved.
- Japan is backing the US and other Western allies that are seeking to impose harsh financial sanctions on Russia over its invasion of Ukraine.
HSE cyber-attack cost hits €43m, could rise to €100m
- The cost of the response to, and recovery from, the cyber-attack on the Health Service Executive in May last year has reached almost €43 million and could rise to €100 million.
- The figures were released to the Aontú leader Peadar Tóibín on foot of a parliamentary question to the Department of Health.
- According to a letter from Fran Thompson, the Interim Chief Information Officer at the HSE, around €12.7 million has been spent on ICT infrastructure, €5.5 million on cyber/strategic partner support, €15.3 million on vendor support for applications and €8.4 million on Office 365.
Elon Musk warns of possible targeted attacks on Starlink in Ukraine
- As per a tweet posted by Elon Musk, there’s a high probability of the Starlink satellite internet service being targeted in Ukraine.
- SpaceX chief Elon Musk has expressed his concerns over the future of SpaceX’s Starlink service in Ukraine, given the current uncertainty in the country following the Russian invasion.
- It is worth noting that internet connectivity in Ukraine plunged by 20% on 26 February, as per a report from Reuters.
Japanese beauty retailer Acro blames third-party hack for breach of 100k payment cards
- Company traces compromise to vulnerability in payment processor’s systems
- A data breach disclosed by a Japanese e-commerce company has exposed the details of more than 100,000 payment cards.
- In a data breach notice (in Japanese), beauty products retailer Acro revealed that customers of two of its four beauty product websites were impacted as the result of exploitation of a vulnerability in a third-party payment processing vendor.
- The attack, it added, compromised data related to 89,295 payment cards used to pay for goods on the Three Cosmetics domain and 103,935 cards used on its Amplitude site.
Nato Cyber Security unit tests post-quantum VPN
- Nato’s Cyber Security Centre has successfully tested secure communication flows in a post-quantum world using a UK-designed VPN
- The Nato Cyber Security Centre (NCSC) has performed successful tests of communication flows secured for a post-quantum world, using a virtual private network (VPN) designed and built by Post-Quantum, a UK-based quantum cyber specialist.
- Generally accepted science holds that a quantum computer will in time be able to break most – if not all – current encryption methods, leaving email, secure banking and communications systems vulnerable to disruption from malicious actors. In time, this means all large organisations, technology companies and internet standards will need to transition to quantum-secure encryption.